Connection model-based control of concurrent connection count and properties

ABSTRACT

A connection request including a connection model key and a partner system attribute of the partner system requesting a connection is received at an application server from a partner system. Using a predefined connection model, as determination is made as to whether the received connection model key and the received partner system attribute respectively match a configured connection model key and a configured authorized partner system attribute within the predefined connection model. In response to determining that the received connection model key and the received partner system attribute match the respective configured connection model key and the configured authorized partner system attribute within the predefined connection model, a connection is created that includes a first unique connection name derived from the received partner system attribute.

BACKGROUND

The present invention relates to server connections. More particularly,the present invention relates to connection model-based control ofconcurrent connection count and properties.

Application servers provide applications that may be executed on behalfof remote requesting systems. A requesting system may request executionof a program that resides on an application server. Results of theexecution of the application resident on the application server may bereturned to the requesting system.

BRIEF SUMMARY

A method includes receiving, at an application server from a partnersystem, a connection request comprising a connection model key and apartner system attribute of the partner system requesting a connection;determining, using a predefined connection model, whether the receivedconnection model key and the received partner system attributerespectively match a configured connection model key and a configuredauthorized partner system attribute within the predefined connectionmodel; and creating, in response to determining that the receivedconnection model key and the received partner system attribute match therespective configured connection model key and the configured authorizedpartner system attribute within the predefined connection model, aconnection that comprises a first unique connection name derived fromthe received partner system attribute.

A system includes a memory and a processor programmed to execute anapplication server to: receive, from a partner system, a connectionrequest comprising a connection model key and a partner system attributeof the partner system requesting a connection; determine, using apredefined connection model stored within the memory, whether thereceived connection model key and the received partner system attributerespectively match a configured connection model key and a configuredauthorized partner system attribute within the predefined connectionmodel; and create, in response to determining that the receivedconnection model key and the received partner system attribute match therespective configured connection model key and the configured authorizedpartner system attribute within the predefined connection model, aconnection that comprises a first unique connection name derived fromthe received partner system attribute.

A computer program product includes a computer readable storage mediumhaving computer readable program code embodied therewith, where thecomputer readable program code when executed on a computer causes thecomputer to execute an application server to: receive, from a partnersystem, a connection request comprising a connection model key and apartner system attribute of the partner system requesting a connection;determine, using a predefined connection model, whether the receivedconnection model key and the received partner system attributerespectively match a configured connection model key and a configuredauthorized partner system attribute within the predefined connectionmodel; and create, in response to determining that the receivedconnection model key and the received partner system attribute match therespective configured connection model key and the configured authorizedpartner system attribute within the predefined connection model, aconnection that comprises a first unique connection name derived fromthe received partner system attribute.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 is a block diagram of an example of an implementation of a systemfor connection model-based control of concurrent connection count andproperties according to an embodiment of the present subject matter;

FIG. 2 is a block diagram of an example of an implementation of a coreprocessing module capable of performing connection model-based controlof concurrent connection count and properties according to an embodimentof the present subject matter;

FIG. 3 is a message flow diagram of an example of an implementation of amessage flow usable to perform connection model-based control ofconcurrent connection count and properties according to an embodiment ofthe present subject matter;

FIG. 4 is a flow chart of an example of an implementation of a processfor connection model-based control of concurrent connection count andproperties according to an embodiment of the present subject matter; and

FIG. 5 is a flow chart of an example of an implementation of a processfor connection model-based control of concurrent connection count andproperties at an application server according to an embodiment of thepresent subject matter.

DETAILED DESCRIPTION

The examples set forth below represent the necessary information toenable those skilled in the art to practice the invention and illustratethe best mode of practicing the invention. Upon reading the followingdescription in light of the accompanying drawing figures, those skilledin the art will understand the concepts of the invention and willrecognize applications of these concepts not particularly addressedherein. It should be understood that these concepts and applicationsfall within the scope of the disclosure and the accompanying claims.

The subject matter described herein provides connection model-basedcontrol of concurrent connection count and properties. The presenttechnology allows a specific set/cluster of partner systems to connectto a server using the same connection model defined at the server, whilenon-authorized/non-configured partner systems may be deniedconnectivity. A single configuration of a connection is specified in theconnection model along with a connection model key that identifies theconnection model and a predefined system attribute (e.g., partner systemapplication identifier, or other identifier) that identifies authorizedpartner system instances that may connect using the connection model. Toconnect to the server, the partner system instances pass the model keyand their respective predefined system attribute. In response to a matchof the model key and predefined system attribute, a connection iscreated/established for the requesting partner system. A singleconnection is multiplexed on the server side among multiple partnersystems that share the same predefined system attribute to appear asmultiple connections. As such, partner system clones may connect usingthe same shared partner system identification details. Additionally, themultiplexed connection alleviates server-side restrictions that wouldotherwise result from multiple separate connections. Multiplexedconnection limitations for partner systems may be enforced, for example,using connection namespace limitations for granted/establishedmultiplexed connections within the connection model. Accordingly, thepresent technology facilitates access control and promotes resourceutilization efficiency.

For example, the predefinition of connections within the connectionmodel facilitates control of which systems may connect to each other.Additionally, the predefinition of connections within the connectionmodel facilitates control of specific attributes of the connections,such as the security checking to be performed and protocols to be used,the communication protocols supported, and the maximum number ofcommunication sessions that may be created. The connection model furtherfacilitates limiting the number of clone partner systems with sharedidentification details that may be connected at the same time to thesame server. Namespace field width or other namespace limitations forconnection names within the connection model may be utilized to controlthe number of connections for instances of any given partner system toan application server, thereby defining an autonomously-enforceableconnection control and limitation for specific partner systems.

As introduced above, when a connection request is received at a serverfrom a partner system within a cluster, the model key received in therequest may be compared to available connection models to identify amatching connection model. In response to a connection model match usingthe connection model key, the partner system identification details maybe compared to the authorized partner identification details within thematching connection model. If the partner system identification detailsmatch those defined in the connection model, the connection is acceptedand a unique connection name may be generated based on the partnerapplication identifier. The connection may be generated autonomouslybased upon the defined security mechanism. If the partner systemidentification details do not match those defined in the connectionmodel, the connection may be denied.

As such, an auto-install mechanism may be used to generate uniqueconnection names, while enforcing the defined security mechanism tocheck the partner system's identification details prior to allowingconnectivity. Additionally, different templates may be created for manydifferent partner clusters that connect to the same server. Further,each auto-installed connection may be tracked back to the originatingcluster because the connection name that is generated will be based onthe partner application identifier.

As also introduced above, the maximum number of partner systems in thecluster that may connect to the server may, for example, be limitedusing naming conventions within the connection model. To utilize namingconvention-based connection limitations, the connection names may belimited to a fixed size (e.g., character length) such that a number ofavailable characters in the template name field may be used to controlthe number of clients that may connect.

The partner system attributes may be defined within the connection modelto allow verification of authenticity of partner systems that requestconnectivity to an application server. The partner system attributes maybe any attributes appropriate for a given implementation. For example,partner system attributes may include predefined system attributes, suchas a partner system cluster application instance identifier, Internetprotocol (IP) address(es), systems network architecture logical unit(SNA LU) names or customer information control system (CICS®)application identifiers (IDs), security implemented by the partnersystem, or other identifiers may be used to confirm authenticity ofsystems that originate connection requests. As such, a variety ofpossibilities exist for verification of partner system attributes andall such possibilities are considered to be within the scope of thepresent technology.

The connection model key defined within the connection model may also bedefined within each partner system cluster within a partner systemconnection request model or connection factory. The partner systemattribute/identifier may also be defined within the partner systemconnection request model or connection factory. The connection model keydefined within the partner system connection request model or connectionfactory may be used by the partner systems along with the configuredpartner system attribute/identifier to identify the connection model tobe used for the requested connection. A different connection model keyand partner system cluster identifier may be defined for each respectivepartner cluster within different connection models. As such, granulardefinition of multiplexed connectivity by different partner systems maybe implemented using the respective connection models.

As part of the request to connect to a remote application server, eachpartner instance may pass the connection model key and their respectivepartner system attribute (e.g., partner system cluster applicationinstance identifier) with its first message to the application server.In response to receipt of this first message, the application server maycompare the received connection model key to connection model keysdefined within the available connection models that are defined at theserver. If the received connection model key matches the connectionmodel key within a connection model, the application server mayvalidate/confirm that the partner system attributes (also defined withinthe connection model) match those of the requesting partner system(e.g., partner application identifier, Internet protocol (IP) address,etc.). If the partner attributes defined in the connection modelidentified by the received connection model key match those of therequesting partner system, the server may create a unique connectionname based on the application identifier of the partner cluster, againlimited by the defined allowable maximum number of connections for thepartner system cluster. Once the final allowed connection name iscreated, no more connections may be created for the particular partnersystem cluster given the defined namespace limitations within therespective connection model.

As described in more detail below, the connection name field width maybe defined as appropriate for a given implementation to allowflexibility of connection count and autonomous connection limitationcontrol across different partner system clusters. Accordingly,connection limitations may be imposed within the connection model asappropriate for each partner system cluster using connection name fieldwidth in combination with partner system identifier/naming conventions(e.g., identifier width) that are used as model keys in connectionrequests. These connection limitations may be autonomously implementedin response to connection requests, and any additional connectionattempts beyond the configured limit may be rejected until one of theexisting connections is closed and available for reuse. As such,provisioning and resource management may be improved by avoidingexcessive resource provisioning and by avoiding resourceoverutilization, respectively.

For example, the present technology maintains an awareness of theconnection namespace and whether or not a connection name is in use atany particular point in time. To initially grant or to reuse connectionnumbers/names, the present technology may iterate around a set ofpossible values for the connection number suffix and, as such, does notneed to maintain any state information other than the prior numericconnection number last used. To name a connection that is to be granted(based upon validation of the request itself against the connectionmodel as described above and in more detail below), the presenttechnology iterates through the possible connection namespace asfollows. Initially, a check may be performed to determine whether thecount of the maximum available namespace has been exceeded. If the countof the maximum available namespace has been exceeded, then theconnection request may be denied. If count of the maximum availablenamespace has not been exceeded, a/the previous connection number may beretrieved (e.g., from a cache, register, variable, or otherwise). Theprevious connection number may be incremented, or if at the numericlimit, the connection number may be reset to the first connection number(e.g., reset to one (1)). The processing may then concatenate theresulting connection number as a numeric character suffix onto thesupplied partner application attribute (e.g., identifier) to generatethe connection name. The new connection number may be stored (e.g.,again within a cache, register, variable, or otherwise). The processingthen confirms/validates that the resulting connection name is available.If the resulting connection name is not available, the processing mayiterate as described above until an available connection name isidentified/validated. When the first available connection name isidentified, the new connection may be installed/granted using thisderived name (e.g., partner application identifier concatenated with thenumeric suffix). As such, the present technology does not require a listor other data structure to obtain reuse of connection names. However, itshould be noted that the above sequence of steps may be altered and apool or list of reusable connection names may be used without departurefrom the scope of the present technology.

The present technology may be implemented, for example, as a middlewareapplication within an application server system. The application serversystem may receive requests from remote applications usingpredefined/configured connections represented within the connectionmodel. These predefined connections are used to control the ability ofthe application server to accept connections from other partner systemsthat request the execution of programs that reside on the applicationserver system.

It should be noted that the present technology is applicable to avariety of interconnection environments. As such, within the descriptionand examples herein, the term “partner system” is used to refergenerally to a system or server that may be operative within a clusterof such systems or servers to connect to an application server asdescribed herein. Additionally, a partner system may include anapplication level instance of either a server or a client applicationwith respect to the application server/instance that manages connectionsthat are requested by the partner systems as described herein. Further,more than one partner system instance may be instantiated on any givencomputing device and a cluster of such partner system instances mayexist on one or more physical computing devices. Accordingly, the terms“partner system,” “partner server,” “client system,” “client server,”and partner or client “clones” may be interchanged within thedescription herein as appropriate for a given implementation.

The term “connect” or “connection” as used herein refers to amessaging/processing connection between an instance (e.g., instantiatedapplication level process) of a partner system to a given applicationserver. As such, the present technology extends to both partnerserver/system and client application instance connectivity to any givenapplication server.

Additionally, the terms “connection model,” “predefined model connectiontemplate,” and similar terms are also considered synonyms andinterchangeable herein. The connection model as described hereinrepresents a template for connection creation that is used by a serverto self-regulate the creation of new shared connections (e.g., sharedlogical connections operative over a single physical connection) thatare requested by partner system instances. As such, the connection modelrepresents a single configuration of a connection in a cell-likeenvironment that is multiplexed on the server side to appear as multipleconnections to partner system instance clones that attempt to connect tothe server, thus limiting the effect of server-side connectionrestrictions. The connection model includes connection characteristics,such as the identification details of the partner system(s) that areauthorized to connect to the server and any other specific connectionattributes (e.g., protocol, security, connection number limitations,etc.) that are to be used for establishing connections. The server mayutilize the connection model to verify/authenticate connection requestsand to establish the actual connections that are requested within theconfigured connection limits. As such, the connection model operates asa flexible tool for server to self-regulate which client instances mayconnect to the server and to self-regulate the maximum number ofauthorized connections to the server for any given client instancecluster.

It should be noted that conception of the present subject matterresulted from recognition of certain limitations associated withconnecting to application servers. For example, it was observed thatwithin conventional application server environments, resourcelimitations, such as storage, connection, processor usage, and otherresource limitations, result in creation of constraints within a givensystem environment. It was further observed that a cluster of clients(e.g., clones) may be forced by these constraints to use the sameconfiguration for connecting with an application server instance toavoid resource over-provisioning. However, it was further observed thatwhen an application server instance is created, a single partner systemrequest model may be created and is used as a shared template by allclients/clones within the cluster that share the same application serverinstance. It was additionally observed that if multiple clients/clonesshare the same partner system request model, they utilize the samelogical connection, which results in only one client/clone being able toconnect to the application server instance at any given time. As aresult of these observations, it was determined that it was desirable tocreate a connection architecture that allows multiple predefined logicalconnections between several clone instances and an application serverinstance that concurrently share the same physical connection. It wasfurther determined that it was desirable to allow the clients/clones todynamically connect to the application server instance. It wasadditionally determined that in conjunction with allowing dynamicconnection to the application server instance, it was desirable todefine which clients are allowed to connect to a given applicationserver instance and to know with certainty the system from which theconnection requests originated, while also being able to limit thenumber of connections that utilize the shared physical connection forresource management and control. The present subject matter improvesapplication server instance connectivity by providing for connectionmodel-based control of concurrent connection count and properties, asdescribed above and in more detail below. As such, improved connectioncontrol may be obtained by use of the present technology.

The connection model-based control of concurrent connection count andproperties described herein may be performed in real time to allowprompt connectivity of partner systems within different clusters toapplication servers using preconfigured connection models that specifyindividual cluster connectivity and connection limitations on aper-cluster basis. For purposes of the present description, real timeshall include any time frame of sufficiently short duration as toprovide reasonable response time for information processing acceptableto a user of the subject matter described. Additionally, the term “realtime” shall include what is commonly termed “near real time”—generallymeaning any time frame of sufficiently short duration as to providereasonable response time for on-demand information processing acceptableto a user of the subject matter described (e.g., within a portion of asecond or within a few seconds). These terms, while difficult toprecisely define are well understood by those skilled in the art.

FIG. 1 is a block diagram of an example of an implementation of a system100 for connection model-based control of concurrent connection countand properties. A computing cluster 102 through a computing cluster 104represent a variable-sized set of partner computing system clusters.Each of the computing cluster 102 through the computing cluster 104 mayinclude a variable number of computing devices, represented for ease ofillustration as a computing device_1 106 through a computing device_N108, though it is understood that the number of computing device may bedifferent within each of the computing cluster 102 through the computingcluster 104. Each computing device 106 through 108 within the respectiveone of the computing cluster 102 through the computing cluster 104 mayinstantiate/execute one or more application client instances/clones thatmay each communicate via a network 110 to connect, as described aboveand in more detail below, with one or more of an application server_1112 through an application server_M 114.

As will be described in more detail below in association with FIG. 2through FIG. 5, the computing device_1 106 through the computingdevice_N 108 within each of the computing cluster 102 through 104, andthe application server_1 112 through the application server_M 114 maycooperate to implement automated connection model-based control ofconcurrent connection count and properties. The automated connectionmodel-based control of concurrent connection count and properties isbased upon configuration and use of a predefined model connectiontemplate (e.g., connection model) that facilitates regulation,monitoring, and control of connection creation and connection limitsbetween the respective application server(s) and computing deviceclusters. A variety of possibilities exist for implementation of thepresent subject matter, and all such possibilities are considered withinthe scope of the present subject matter.

It should be noted that any of the respective computing devicesdescribed in association with FIG. 1 may be portable computing devices,either by a user's ability to move the respective computing devices todifferent locations, or by the respective computing device's associationwith a portable platform, such as a plane, train, automobile, or othermoving vehicle. It should also be noted that the respective computingdevices may be any computing devices capable of processing informationas described above and in more detail below. For example, the respectivecomputing devices may include devices such as a personal computer (e.g.,desktop, laptop, etc.) or a handheld device (e.g., cellular telephone,personal digital assistant (PDA), email device, music recording orplayback device, tablet computing device, e-book reading device, etc.),a web server, application server, or other data server device, or anyother device capable of processing information as described above and inmore detail below.

The network 110 may include any form of interconnection suitable for theintended purpose, including a private or public network such as anintranet or the Internet, respectively, direct inter-moduleinterconnection, dial-up, wireless, or any other interconnectionmechanism capable of interconnecting the respective devices.

FIG. 2 is a block diagram of an example of an implementation of a coreprocessing module 200 capable of performing connection model-basedcontrol of concurrent connection count and properties. The coreprocessing module 200 may be associated with any of the computingdevice_1 106 through the computing device_N 108 within each of thecomputing cluster 102 through 104, and with the application server_1 112through the application server_M 114, with variations as appropriate fora given implementation. As such, the core processing module 200 isdescribed generally herein, though it is understood that many variationson implementation of the components within the core processing module200 are possible and all such variations are within the scope of thepresent subject matter.

Further, the core processing module 200 may provide different andcomplementary processing of connection model processing in associationwith each implementation. As such, for any of the examples below, it isunderstood that any aspect of functionality described with respect toany one device that is described in conjunction with another device(e.g., sends/sending, etc.) is to be understood to concurrently describethe functionality of the other respective device (e.g.,receives/receiving, etc.).

A central processing unit (CPU) 202 provides computer instructionexecution, computation, and other capabilities within the coreprocessing module 200. A display 204 provides visual information to auser of the core processing module 200 and an input device 206 providesinput capabilities for the user.

The display 204 may include any display device, such as a cathode raytube (CRT), liquid crystal display (LCD), light emitting diode (LED),electronic ink displays, projection, touchscreen, or other displayelement or panel. The input device 206 may include a computer keyboard,a keypad, a mouse, a pen, a joystick, touchscreen, or any other type ofinput device by which the user may interact with and respond toinformation on the display 204.

It should be noted that the display 204 and the input device 206 may beoptional components for the core processing module 200 for certainimplementations/devices. Accordingly, the core processing module 200 mayoperate as a completely automated embedded device without direct userconfigurability or feedback. However, the core processing module 200 mayalso provide user feedback and configurability via the display 204 andthe input device 206, respectively, as appropriate for a givenimplementation.

A communication module 208 provides interconnection capabilities thatallow the core processing module 200 to communicate with other moduleswithin the system 100. The communication module 208 may include anyelectrical, protocol, and protocol conversion capabilities useable toprovide interconnection capabilities, appropriate for a givenimplementation.

A memory 210 includes a connection model configuration area 212 thatstores one or more connection models for use by the core processingmodule 200 when implemented in association with an application server,such as the application server_1 112 through the application server_M114. The connection model configuration area 212 may alternatively storeconnection factories that include model keys and partner systemidentifiers as described above when implemented in association with aclient/clone computing device, such as the computing device_1 106through the computing device_N 108 within the computing cluster 102through the computing cluster 104. The respective computing devices mayutilize the connection factory information to request connections to therespective application server(s), and the application servers mayutilize the connection model (e.g., connection template) information toauthenticate/validate the connection requests, as described above and inmore detail below.

The memory 210 also includes a connection processing area 214 thatprovides processing and storage space for use in requesting and/orgranting/establishing/creating connections, as appropriate for therespective device. The connection processing area 214 also providesspace for storing information associated with active connections (e.g.,connection names, etc.). Additional information may be stored within theconnection processing area 214 as appropriate for a givenimplementation.

It is understood that the memory 210 may include any combination ofvolatile and non-volatile memory suitable for the intended purpose,distributed or localized as appropriate, and may include other memorysegments not illustrated within the present example for ease ofillustration purposes. For example, the memory 210 may include a codestorage area, an operating system storage area, a code execution area,and a data area without departure from the scope of the present subjectmatter.

A connection control module 216 is also illustrated. The connectioncontrol module 216 provides connection creation and managementprocessing for the core processing module 200, as described above and inmore detail below. The connection control module 216 implements theautomated connection model-based control of concurrent connection countand properties of the core processing module 200, again in acomplementary manner as appropriate for the respective device withinwhich the core processing module 200 is implemented.

It should also be noted that the connection control module 216 may forma portion of other circuitry described without departure from the scopeof the present subject matter. Further, the connection control module216 may alternatively be implemented as an application stored within thememory 210. In such an implementation, the connection control module 216may include instructions executed by the CPU 202 for performing thefunctionality described herein. The CPU 202 may execute theseinstructions to provide the processing capabilities described above andin more detail below for the core processing module 200. The connectioncontrol module 216 may form a portion of an interrupt service routine(ISR), a portion of an operating system, a portion of a browserapplication, or a portion of a separate application without departurefrom the scope of the present subject matter.

The CPU 202, the display 204, the input device 206, the communicationmodule 208, the memory 210, and the connection control module 216 areinterconnected via an interconnection 218. The interconnection 218 mayinclude a system bus, a network, or any other interconnection capable ofproviding the respective components with suitable interconnection forthe respective purpose.

Though the different modules illustrated within FIG. 2 are illustratedas component-level modules for ease of illustration and descriptionpurposes, it should be noted that these modules may include anyhardware, programmed processor(s), and memory used to carry out thefunctions of the respective modules as described above and in moredetail below. For example, the modules may include additional controllercircuitry in the form of application specific integrated circuits(ASICs), processors, antennas, and/or discrete integrated circuits andcomponents for performing communication and electrical controlactivities associated with the respective modules. Additionally, themodules may include interrupt-level, stack-level, and application-levelmodules as appropriate. Furthermore, the modules may include any memorycomponents used for storage, execution, and data processing forperforming processing activities associated with the respective modules.The modules may also form a portion of other circuitry described or maybe combined without departure from the scope of the present subjectmatter.

Additionally, while the core processing module 200 is illustrated withand has certain components described, other modules and components maybe associated with the core processing module 200 without departure fromthe scope of the present subject matter. Additionally, it should benoted that, while the core processing module 200 is described as asingle device for ease of illustration purposes, the components withinthe core processing module 200 may be co-located or distributed andinterconnected via a network without departure from the scope of thepresent subject matter. For a distributed arrangement, the display 204and the input device 206 may be located at a point of sale device,kiosk, or other location, while the CPU 202 and memory 210 may belocated at a local or remote server. Many other possible arrangementsfor components of the core processing module 200 are possible and allare considered within the scope of the present subject matter.Accordingly, the core processing module 200 may take many forms and maybe associated with many platforms.

FIG. 3 is a message flow diagram of an example of an implementation of amessage flow 300 usable to perform connection model-based control ofconcurrent connection count and properties. One of the computingdevice_1 106 (from one of the computing clusters 102 through 104) withinthe computing cluster 102 and the application server_1 112 are used forpurposes of illustration within the message flow 300. It is understoodthat the present example applies to any cluster of computing devicesthat instantiate one or more partner systems/clones within a cluster,such as the computing cluster 102, and that interact to establish sharedconnections to a server, such as the application server_1 112. Asdescribed above, each computing device within a respective cluster mayinstantiate/execute one or more application client instances/clones thatmay each communicate via the network 110 to connect with the applicationserver_1 112, as described herein.

Within the present example, a connection model 302 has beendefined/configured with connection creation information within theconnection model configuration area 212 of the application server_1 112for use by the application server_1 112 to create connections asrequested by partner system instances executed by the computing device_1106. Similarly, a connection request model (e.g., connection factory)304 has been defined/configured with connection request informationwithin the connection model configuration area 212 of the computingdevice_1 106. The same models or similar models may be used by othercomputing devices and/or clusters as appropriate for a givenimplementation.

As can be seen within FIG. 3, the connection model 302 defined withinthe connection model configuration area 212 of the application server_1112 includes four fields. The first field is a model connection templatefield with a configured value/name of “MODKEY.” This model connectiontemplate field represents a model key that may be used by partnersystems to request connections, as described above and in more detailbelow. The second field within the connection model 302 is a partnersystem Internet protocol (IP) address field with a value of “1.2.3.4.”The third field is an application identifier field of “PAPPL.” As such,partner system instances that attempt to connect to the applicationserver_1 112 using an IP address of “1.2.3.4” and sending the model key“MODKEY” with an application identifier (ID) of “PAPPL” may be granted aconnection to the application server_1 112 up to the maximumallowed/configured shared connections, as described above and in moredetail below. The application server_1 112 may deny connection requeststhat come from different partner systems or from partner systems thatuse a different IP address. The fourth field within the connection modelis a connection namespace field with a value of eight (8). This valueindicates that the application server_1 112 is to utilize eight (8)character connection names to limit the number of connections. Asdescribed in more detail below, with an application identifier of“PAPPL,” three (3) characters are available for connection numbers/namesand the number of available connections may be limited using the naturalnamespace limitation provided by eight (8) characters.

As can also be seen within FIG. 3, the connection request model 304defined within the connection model configuration area 212 of thecomputing device_1 106 also includes three fields. The first field is anInternet protocol (IP) address field with the same value of “1.2.3.4” asconfigured for the “MODKEY” connection model 302 defined in associationwith the application server_1 112. The second field is a model key fieldwith a value that identifies the connection model key “MODKEY” of theconnection model 302 defined in association with the applicationserver_1 112. The third field is an application identifier field with avalue of “PAPPL” that also matches the application identifier within theconnection model 302 defined in association with the applicationserver_1 112.

Because each of these fields defined within the connection request model304 match the respective fields within the connection model 302 definedin association with the application server_1 112, the computing device_1106, and in particular the partner applications instantiated by thecomputing device_1 106 with application ID “PAPPL” may be grantedconnections to the application server_1 112. Again, the connections maybe limited by the connection namespace field limitation up to theconfigured connection limit, as described above in more detail below. Itshould be noted that other applications with different applicationidentifiers or that utilize a different IP address or model key torequest connections to the application server_1 112 will be refused bythe application server unless the respective fields match a differentconnection model (omitted to avoid crowding within the drawing figureand for brevity within the present example).

For ease of description, an alphabetical model key and application(partner system) identifier are utilized within the message flow 300,and an alphanumeric connection name width of eight (8) characters isdefined within the preconfigured model connection template representedby the connection model 302. For purposes of example, as describedabove, the application identifier is denoted within the present exampleas “PAPPL,” which is a five (5) character alphabetic value that will beused to form connection names used by the computing devices 106 through108 within the computing cluster 102. The application identifier is usedto identify all instances of a particular partner system. Similarly, asdescribed above, the model key is denoted within the present example as“MODKEY.” The model key is used to identify predefined connectionmodels/templates that are to be used by the respective partner systemsto connect to a given application server.

It should be noted that the model key and application identifier may beany value(s) as appropriate for a given implementation and the examplesdescribed herein are not to be considered limiting. For example,hexadecimal, octal, or other numeric variations may be used to form therespective fields, either alone or in combination with alphabeticalcharacters. Additionally, special characters may be used (e.g., “*,”“&,” “?,” “-,” “/,” etc.) to further modify the examples describedherein. Other variations on naming and namespace conventions arepossible and all such variations are considered to be within the scopeof the present subject matter.

Further, a numeric connection numbering scheme is utilized within thepresent example for ease of illustration purposes, though any form ofnaming connections may be utilized as appropriate for a givenimplementation. An alphanumeric naming convention for connections isused within the present example to illustrate naming convention-basedconnection limitations based upon the alphabetical applicationidentifier and numeric connection numbering. However, it is understoodthat other forms of partner system/application identifiers may beutilized and all such forms are considered to be within the scope of thepresent subject matter.

Using the alphanumeric naming convention as an example, it is assumedthat the connection model within the application server_1 112 has beendefined with a fixed-length field width for connection names. To furtherthe present example, with the connection namespace field defined withinthe connection model 302 and configured to a connection name width ofeight (8) characters for connection names, partner systems with a five(5) character alphabetical partner/application identifier (e.g., PAPPL)may be limited to nine hundred and ninety nine (999) connections (e.g.,omitting zero as a possible connection number). Using decimal-basednumerals, the connection limit may be implemented within a three (3)character numeric field.

Using this example field width of five (5) characters for thealphabetical partner/application identifier width (e.g., “PAPPL”), eachapplication client cluster/clone instance (e.g., executed by thecomputing device 106 through 108) may be defined and used by the partnersystems within this particular partner system cluster to connect to theapplication server_1 112. To request a connection to the applicationserver, the partner systems pass the partner system identifier “PAPPL”and the model key “MODKEY” to the application server_1 112.

To limit connections, connection numbers may be numerically appended tothe partner application identifier as connections are created to createconnection names, within the present example utilizing the definedthree-character numeric field. As such, again presuming that aconnection number of zero (000) is not used/omitted, the firstconnection that is created may be named “PAAPL001.” Similarly, thesecond connection that is created may be named “PAAPL002,” up to thefinal allowed connection name “PAAPL999” for additional connections.Accordingly, using the example field width of eight (8) characters, ninehundred and ninety nine (999) connections may be named/establishedbefore a connection limitation is reached.

Continuing with the present example, a first partner system instanceexecuted by the computing device_1 106 within the computing cluster 102uses the connection factory information described above and issues aconnection request to the application server_1 112 to request creationof a connection (line 1). The connection request includes the model key“MODKEY” and the application identifier “PAPPL” that are configuredwithin the computing device_1 106 and that are shared by partner systeminstances within the computing cluster 102 for connection requests.

In response to receipt of the connection request, at block 306 theapplication server_1 112 compares the partner system identificationdetails (e.g., PAPPL, IP address 1.2.3.4 from which the request wasreceived, and the model key “MODKEY) to the connection model. If thepartner system identification details match those defined in theconnection model, the connection is accepted and a unique connectionname may be generated based on the partner application identifier.Within the present example, the partner system identification detailsmatch the details defined in the connection model. The connection may begenerated autonomously based upon the defined security mechanism atblock 308. Within the present example, this is the first connection tobe created for this cluster using the connection model and the createdconnection is named “PAPPL001.”

As such, the application server_1 112 uses the received model key tomatch the request to its connection template named “MODKEY,” validatesthe partner IP address and application ID, and then creates a uniqueconnection named “PAPPL001” for this instance of the partnerapplication. The application server_1 112 acknowledges creation of theconnection named “PAPPL001” to the first partner system instance (line2). This first instance of the partner application uses this connectionnamed “PAPPL001” for all further communication requests with theapplication server_1 112.

Continuing with the present example, a second partner system instanceexecuted by the computing device_1 106 within the computing cluster 102also uses the connection factory to issue a connection request to theapplication server_1 112 to request creation of a connection (line 3).The connection request also includes the model key “MODKEY” and theapplication identifier “PAPPL” that are configured within the computingdevice_1 106 and that are shared by partner system instances within thecomputing cluster 102 for connection requests.

In response to receipt of the connection request, at block 310 theapplication server_1 112 compares the partner system identificationdetails (e.g., PAPPL, IP address 1.2.3.4 from which the request wasreceived, and the model key “MODKEY) to the connection model. If thepartner system identification details match those defined in theconnection model, the connection is accepted and a unique connectionname may be generated based on the partner application identifier.Within the present example, the partner system identification detailsmatch the details defined in the connection model. The connection may begenerated autonomously based upon the defined security mechanism atblock 312. Within the present example, this is the second connection tobe created for this cluster using the connection model and the createdconnection is named “PAPPL002.”

As such, the application server_1 112 uses the received model key tomatch the request to its connection template named “MODKEY,” validatesthe partner IP address and application ID, and then creates a uniqueconnection named “PAPPL002” for this instance of the partnerapplication. The application server_1 112 acknowledges creation of theconnection named “PAPPL002” to the second partner system instance (line4). This second instance of the partner application uses this connectionnamed “PAPPL002” for all further communication requests with theapplication server_1 112.

The ellipsis dots at the bottom of FIG. 3 illustrate that the processingdescribed above may continue for additional partner system instances andconnections may be created to the configured maximum number ofconnections. Further, as described above, connections may also beterminated or released by partner system instances. As connections areterminated/released by partner system instances, the terminated/releasedconnection names may be reused for connection requests fromadditional/other partner system instances, or for new connectionrequests from partner system instances that have previously releasedconnections.

Given the example above, it may be seen that an increase of onecharacter within the defined fixed-width connection name may increasethe number of connections by a factor of ten (10). Similarly, a decreaseof one character within the defined fixed-width connection name maydecrease the number of connections by a factor of ten (10). Further,changing the number of characters used as partner systemidentifiers/model keys may be increased or decreased with similareffects. Additional variations in connection name width and partnersystem identifiers/model keys may be utilized to alter the automatedconnection limitation controls as appropriate for a givenimplementation. For example, counters and counter value limits or othertechnology may be utilized to control connection limits as appropriatefor a given implementation, and all such variations are considered to bewithin the scope of the present technology.

FIG. 4 through FIG. 5 described below represent example processes thatmay be executed by devices, such as the core processing module 200, toperform the automated connection model-based control of concurrentconnection count and properties associated with the present subjectmatter. Many other variations on the example processes are possible andall are considered within the scope of the present subject matter. Theexample processes may be performed by modules, such as the connectioncontrol module 216 and/or executed by the CPU 202, associated with suchdevices. It should be noted that time out procedures and other errorcontrol procedures are not illustrated within the example processesdescribed below for ease of illustration purposes. However, it isunderstood that all such procedures are considered to be within thescope of the present subject matter. Further, the described processesmay be combined, sequences of the processing described may be changed,and additional processing may be added or removed without departure fromthe scope of the present subject matter.

FIG. 4 is a flow chart of an example of an implementation of a process400 for connection model-based control of concurrent connection countand properties. At decision point 402, the process 400 receives, at anapplication server from a partner system, a connection requestcomprising a connection model key and a partner system attribute of thepartner system requesting a connection. At block 404, the process 400determines, using a predefined connection model, whether the receivedconnection model key and the received partner system attributerespectively match a configured connection model key and a configuredauthorized partner system attribute within the predefined connectionmodel. At block 406, the process 400 creates, in response to determiningthat the received connection model key and the received partner systemattribute match the respective configured connection model key and theconfigured authorized partner system attribute within the predefinedconnection model, a connection that comprises a first unique connectionname derived from the received partner system attribute.

FIG. 5 is a flow chart of an example of an implementation of a process500 for connection model-based control of concurrent connection countand properties at an application server, such as one or more of theapplication server_1 112 through the application server_M 114. Atdecision point 502, as part of higher-level processing, the process 500makes a determination as to whether a connection request has beenreceived from a partner system/clone instance. In response todetermining that a connection request has not been received from apartner system/clone instance, as an additional part of the higher-levelprocessing, at decision point 504 the process 500 makes a determinationas to whether a connection termination request has been received from apartner system/clone instance. In response to determining that aconnection termination request has not been received from a partnersystem/clone instance, the process 500 returns to decision point 502 anditerates as described above. As such, the process 500 manages bothconnection requests and connection termination requests, as described inmore detail below. Processing of connection termination requests will bedescribed in detail further below, though it is understood thatconnection names for terminated connections may be reused by iterativeprocessing of connection number request increments. Additionally, it isunderstood that a first of any such connection, while a logicalconnection with respect to the underlying physical connection, may bereferred to as a “connection” without the “logical” modifier and thatadditional connections may be granted/installed as multiplexed logicalconnections with the first or other logical connection(s) over a singlephysical connection. As such, distinctions between logical and physicalconnections are captured by the description above and are omitted fromthe following drawing description for ease of description purposes.

Returning to the description of decision point 502, in response todetermining that a connection request has been received from a partnersystem/clone instance, the process 500 extracts a connection model keyfrom the connection request at block 506. At decision point 508, theprocess 500 makes a determination as to whether the received/extractedconnection model key matches a configured connection model key definedwithin a defined connection model. For example, the process 500 maycompare the received/extracted connection model key to configuredconnection model key(s) defined within one or more defined connectionmodels that are configured for use by the process 500. In response todetermining that the received/extracted connection model key does notmatch any configured connection model key defined within any definedconnection model, the process 500 denies the connection request at block510 and returns to decision point 502 and iterates as described above.As such, partner systems that do not provide an accurate/configuredconnection model key may be denied access to the application serverexecuting the process 500.

Returning to the description of decision point 508, in response todetermining that the received/extracted connection model key does matcha configured connection model key defined within a defined connectionmodel, the process 500 extracts the partner system applicationidentifier from the connection request and computes the maximum size ofthe connection namespace (based upon the partner system applicationidentifier) using a difference between the partner applicationidentifier and a configured maximum width of connection names at block512. At decision point 514, the process 500 makes a determination as towhether the partner system application identifier is valid (e.g.,matches) for the matching connection model. In response to determiningthat the partner system application identifier is not valid for thematching connection model, the process 500 returns to block 510 to denythe connection and iterates as described above. In response todetermining that the partner system application identifier is valid forthe matching connection model, the process 500 extracts any additionalpartner system attribute(s) from the connection request at block 516.The additional partner system attributes may include, for example, apartner system cluster identifier, and/or any other attributeappropriate for a given implementation. At decision point 518, theprocess 500 makes a determination as to whether the received/extractedadditional partner system attribute(s) match any configured additionalauthorized partner system attribute(s) configured within the matchingconnection model. For example, the process 500 may compare thereceived/extracted additional partner system attribute(s) to authorizedpartner system attribute(s) configured within the matching connectionmodel. In response to determining that the received/extracted additionalpartner system attribute(s) do not match the authorized partner systemattribute configured within the matching connection model, the process500 returns to block 510 to deny the connection request and iterates asdescribed above. As such, the process 500 enforces connectionauthorization of connections to the application server using theconfigured authorized partner system attributes within the connectionmodel.

Returning to the description of decision point 518, in response todetermining that the received/extracted additional partner systemattribute(s) do match the additional authorized partner systemattribute(s) configured within the matching connection model, theprocess 500 identifies a next connection number for the partner systemcluster at block 520. The next connection number may be identified, forexample, by retrieving and incrementing the last connection number thatwas created in association with a connection name (e.g., from a cache).The last connection number may be incremented in response to a newrequest or as part of completion of creation of a connection, asappropriate for a given implementation. Additionally, when theconfigured maximum is reached, the connection number may be incrementedfrom the configured maximum back to one (1) and iterate as connectionsare requested. Additionally, the respective connection number may beretrieved from a register/variable that is incremented for connectionnumbering, or otherwise as appropriate for a given implementation.

It is understood that the extraction of both the connection model keyand the partner system attribute may be performed contemporaneouslyalong with a contemporaneous comparison of the respective values toconfigured connection model values. Additional variations on theprocessing described herein are possible and all are considered to bewithin the scope of the present technology.

At decision point 522, the process 500 makes a determination as towhether a connection namespace limitation has been reached in view ofthe incremented connection number. As described above, the connectionmodel may include a connection namespace field limitation that limits anumber of created unique connection names. The connection name mayinclude both the partner system identifier and the multiplexedconnection number (again as noted above, a logical connection number).As such, a field width limitation for connection numbering within aconnection name may be used to autonomously limit the number ofconnections for a given partner system cluster. As such, an overflow ofthe respective field width (e.g., a wrap to zero or a negative number)may be utilized to determine that the connection limitation has beenreached. Additionally, as described above, initially a check may beperformed to determine whether the count of the maximum availablenamespace has been exceeded. If the count of the maximum availablenamespace has been exceeded, then the connection request may be denied.If count of the maximum available namespace has not been exceeded, a/theprevious connection number may be retrieved (e.g., from a cache,register, variable, or otherwise). The previous connection number may beincremented, or if at the numeric limit, the connection number may bereset to the first connection number (e.g., reset to one (1)).

In response to determining at decision point 522 that the connectionnamespace limitation has not been reached in view of the incrementedconnection number, the process 500 concatenates the partner systemattribute (e.g., identifier) with the incremented connection number tocreate a multiplexed connection, and grants the connection request atblock 524. As such, the process 500 creates a multiplexed connectionname (again, a logical connection name) that incorporates the partnersystem attribute and the connection-limited connection number.Accordingly, each partner system instance utilizes a unique connectionname for multiplexed application accesses to the application server. Theprocess 500 returns to decision point 502 and iterates as describedabove.

Returning to the description of decision point 522, in response todetermining that the connection namespace limitation has been reached inview of the incremented connection number, the process 500 makes adetermination at decision point 526 as to whether a reusable connectionname is available. For example, if the resulting connection name fromthe increment operation described above is not available, the process500 may iterate as described above until an available connection name isidentified/validated or until a determination is made that no connectionname is available (this iteration is not illustrated to avoid crowdingwithin the drawing space).

In response to determining that a reusable connection name is notavailable at decision point 526, the process 500 returns to block 510 todeny the connection request and iterates as described above. As such,the process 500 enforces a limit on a number of multiplexed connectionsto the application server from partner systems that share the partnersystem attribute using the connection namespace field limitation withinthe connection model. The process 500 further denies additionalconnection requests in response to determining, based upon the namespacefield limitation that limits the number of created unique connectionnames and the previously-created connection names, that the limit on thenumber of multiplexed connections to the application server from partnersystems that share the partner system attribute has been reached.

Returning to the description of decision point 526, in response todetermining that a reusable connection name is available, when the firstavailable connection name is identified, the new connection may beinstalled/granted using this derived name (e.g., partner applicationidentifier concatenated with the numeric suffix). The process 500assigns the reusable connection name to create a multiplexed connectionfor the requesting partner system instance and grants the connectionrequest at block 528. As such, the process 500 may reuse a uniqueconnection name for a new multiplexed connection in response to a newconnection that includes the appropriate connection model key and thatshare the same partner system attribute assigned to the respectivepartner system cluster. As such, the process 500 also enforces a limiton a number of multiplexed connections to the application server frompartner systems that share the partner system attribute using theconnection namespace field limitation within the connection model byreusing connection names. The process 500 returns to decision point 502and iterates as described above.

Returning to the description of decision point 504, in response todetermining that a connection termination request has been received froma partner system/clone instance, the process 500 terminates themultiplexed connection to the partner system that is requesting thetermination of the multiplexed connection at block 530. The reusableconnection names may be utilized, as described above, to enforce thelimit on the number of multiplexed connections to the application serverfrom partner systems that share the partner system attribute. Theprocess 500 returns to decision point 502 and iterates as describedabove

As such, the process 500 processes connection and termination requestsat an application server to manage and control which partner systeminstances may connect to the server, and the number of partner systeminstances that may connect concurrently. As additional connectionrequests that include the connection model key are received fromadditional partner systems that share the same partner system attribute,the process 500 enforces the limit on the number of multiplexedconnections to the application server from partner systems that sharethe partner system attribute using the connection namespace fieldlimitation within the connection model. For such additional requests,the process 500 determines whether the limit on the number ofmultiplexed connections to the application server from partner systemsthat share the partner system attribute has been reached based upon thenamespace field limitation that limits the number of created uniqueconnection names and based upon previously-created connection names. Theprocess 500 creates additional multiplexed connections over theconnection that includes, for each connection, an additional uniqueconnection name derived from the received partner system attribute andbased upon previously-created connection names for use by the additionalrequesting partner system. As such, the connection model authorizesmultiple specific partner system instances to connect using the sameconnection model via the partner system attribute, and provides controlover the number of concurrently-connected partner systems. Accordingly,the process 500 manages impacts on resource availability, access,security, and other issues to an application server.

As described above in association with FIG. 1 through FIG. 5, theexample systems and processes provide connection model-based control ofconcurrent connection count and properties. Many other variations andadditional activities associated with connection model-based control ofconcurrent connection count and properties are possible and all areconsidered within the scope of the present subject matter.

Those skilled in the art will recognize, upon consideration of the aboveteachings, that certain of the above examples are based upon use of aprogrammed processor, such as the CPU 202. However, the invention is notlimited to such example embodiments, since other embodiments could beimplemented using hardware component equivalents such as special purposehardware and/or dedicated processors. Similarly, general purposecomputers, microprocessor based computers, micro-controllers, opticalcomputers, analog computers, dedicated processors, application specificcircuits and/or dedicated hard wired logic may be used to constructalternative equivalent embodiments.

As will be appreciated by one skilled in the art, aspects of the presentinvention may be embodied as a system, method or computer programproduct. Accordingly, aspects of the present invention may take the formof an entirely hardware embodiment, an entirely software embodiment(including firmware, resident software, micro-code, etc.) or anembodiment combining software and hardware aspects that may allgenerally be referred to herein as a “circuit,” “module” or “system.”Furthermore, aspects of the present invention may take the form of acomputer program product embodied in one or more computer readablemedium(s) having computer readable program code embodied thereon.

Any combination of one or more computer readable medium(s) may beutilized. The computer readable medium may be a computer readable signalmedium or a computer readable storage medium. A computer readablestorage medium may be, for example, but not limited to, an electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system,apparatus, or device, or any suitable combination of the foregoing. Morespecific examples (a non-exhaustive list) of the computer readablestorage medium would include the following: an electrical connectionhaving one or more wires, a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), a portablecompact disc read-only memory (CD-ROM), an optical storage device, amagnetic storage device, or any suitable combination of the foregoing.In the context of this document, a computer readable storage medium maybe any tangible medium that can contain, or store a program for use byor in connection with an instruction execution system, apparatus, ordevice.

A computer readable signal medium may include a propagated data signalwith computer readable program code embodied therein, for example, inbaseband or as part of a carrier wave. Such a propagated signal may takeany of a variety of forms, including, but not limited to,electro-magnetic, optical, or any suitable combination thereof. Acomputer readable signal medium may be any computer readable medium thatis not a computer readable storage medium and that can communicate,propagate, or transport a program for use by or in connection with aninstruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wireline, optical fiber cable, RF, etc., or any suitable combination ofthe foregoing.

Computer program code for carrying out operations for aspects of thepresent invention may be written in any combination of one or moreprogramming languages, including an object oriented programming languagesuch as JAVA™, Smalltalk, C++ or the like and conventional proceduralprogramming languages, such as the “C” programming language or similarprogramming languages. The program code may execute entirely on theuser's computer, partly on the user's computer, as a stand-alonesoftware package, partly on the user's computer and partly on a remotecomputer or entirely on the remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider).

Aspects of the present invention have been described with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in acomputer-readable storage medium that can direct a computer or otherprogrammable data processing apparatus to function in a particularmanner, such that the instructions stored in the computer-readablestorage medium produce an article of manufacture including instructionswhich implement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer program instructions may also be loaded onto a computer,other programmable data processing apparatus, or other devices to causea series of operational steps to be performed on the computer, otherprogrammable apparatus or other devices to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblock may occur out of the order noted in the figures. For example, twoblocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

A data processing system suitable for storing and/or executing programcode will include at least one processor coupled directly or indirectlyto memory elements through a system bus. The memory elements can includelocal memory employed during actual execution of the program code, bulkstorage, and cache memories which provide temporary storage of at leastsome program code in order to reduce the number of times code must beretrieved from bulk storage during execution.

Input/output or I/O devices (including but not limited to keyboards,displays, pointing devices, etc.) can be coupled to the system eitherdirectly or through intervening I/O controllers.

Network adapters may also be coupled to the system to enable the dataprocessing system to become coupled to other data processing systems orremote printers or storage devices through intervening private or publicnetworks. Modems, cable modems and Ethernet cards are just a few of thecurrently available types of network adapters.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the invention. Asused herein, the singular forms “a,” “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”and/or “comprising,” when used in this specification, specify thepresence of stated features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof.

The corresponding structures, materials, acts, and equivalents of allmeans or step plus function elements in the claims below are intended toinclude any structure, material, or act for performing the function incombination with other claimed elements as specifically claimed. Thedescription of the present invention has been presented for purposes ofillustration and description, but is not intended to be exhaustive orlimited to the invention in the form disclosed. Many modifications andvariations will be apparent to those of ordinary skill in the artwithout departing from the scope and spirit of the invention. Theembodiment was chosen and described in order to best explain theprinciples of the invention and the practical application, and to enableothers of ordinary skill in the art to understand the invention forvarious embodiments with various modifications as are suited to theparticular use contemplated.

What is claimed is:
 1. A system, comprising: a memory; and a processorprogrammed to execute an application server to: receive, from a partnersystem, a connection request comprising a connection model key and apartner system attribute of the partner system requesting a connection;determine, using a predefined connection model stored within the memory,whether the received connection model key and the received partnersystem attribute respectively match a configured connection model keyand a configured authorized partner system attribute within thepredefined connection model; create, in response to determining that thereceived connection model key and the received partner system attributematch the respective configured connection model key and the configuredauthorized partner system attribute within the predefined connectionmodel, a connection that comprises a first unique connection namederived from the received partner system attribute, where the predefinedconnection model comprises a connection namespace field limitation thatlimits a number of created unique connection names; enforce a limit on anumber of multiplexed logical connections to the application server frompartner systems that share the partner system attribute using theconnection namespace field limitation within the predefined connectionmodel; and receive additional connection requests comprising theconnection model key from additional partner systems that share thepartner system attribute; and where, in being programmed to enforce thelimit on the number of multiplexed logical connections to theapplication server from the partner systems that share the partnersystem attribute using the connection namespace field limitation withinthe predefined connection model, the processor is programmed to: foreach additional connection request: determine whether the limit on thenumber of multiplexed logical connections to the application server fromthe partner systems that share the partner system attribute has beenreached based upon the connection namespace field limitation that limitsthe number of created unique connection names and based uponpreviously-created connection names; and create, in response todetermining that the limit on the number of multiplexed logicalconnections has not been reached, an additional multiplexed logicalconnection that comprises an additional unique connection name derivedfrom the received partner system attribute and based upon thepreviously-created connection names.
 2. The system of claim 1, where inbeing programmed to create, in response to determining that the receivedconnection model key and the received partner system attribute match therespective configured connection model key and the configured authorizedpartner system attribute within the predefined connection model, theconnection that comprises the first unique connection name derived fromthe received partner system attribute, the processor is programmed to:concatenate the received partner system attribute and a next availableconnection number to form the first unique connection name.
 3. Thesystem of claim 1, where the processor is further programmed to deny atleast one additional connection request in response to determining,based upon the namespace field limitation that limits the number ofcreated unique connection names and the previously-created connectionnames, that the limit on the number of multiplexed logical connectionsto the application server from partner systems that share the partnersystem attribute has been reached.
 4. The system of claim 1, where theprocessor is further programmed to: receive a request to terminate thecreated additional multiplexed logical connection from one of theadditional partner systems; terminate the additional multiplexed logicalconnection to the one of the additional partner systems requesting thetermination of the additional multiplexed logical connection; and reusethe additional unique connection name used by the terminated additionalmultiplexed logical connection for a new multiplexed logical connectionin response to a new connection request comprising the connection modelkey and the partner system attribute.
 5. The system of claim 1, where:the predefined connection model authorizes a plurality of specificpartner system instances to connect using the predefined connectionmodel via the partner system attribute; and the processor is furtherprogrammed to enforce connection authorization of multiplexed logicalconnections to the application server using the configured authorizedpartner system attribute within the predefined connection model.
 6. Thesystem of claim 1, where the partner system attribute comprises apartner system cluster application instance identifier.
 7. A computerprogram product, comprising: a computer readable storage device havingcomputer readable program code embodied therewith, where the computerreadable program code when executed on a computer causes the computerexecute an application server to: receive, from a partner system, aconnection request comprising a connection model key and a partnersystem attribute of the partner system requesting a connection;determine, using a predefined connection model, whether the receivedconnection model key and the received partner system attributerespectively match a configured connection model key and a configuredauthorized partner system attribute within the predefined connectionmodel; create, in response to determining that the received connectionmodel key and the received partner system attribute match the respectiveconfigured connection model key and the configured authorized partnersystem attribute within the predefined connection model, a connectionthat comprises a first unique connection name derived from the receivedpartner system attribute, where the predefined connection modelcomprises a connection namespace field limitation that limits a numberof created unique connection names; enforce a limit on a number ofmultiplexed logical connections to the application server from partnersystems that share the partner system attribute using the connectionnamespace field limitation within the predefined connection model; andreceive additional connection requests comprising the connection modelkey from additional partner systems that share the partner systemattribute; and where in causing the computer to enforce the limit on thenumber of multiplexed logical connections to the application server fromthe partner systems that share the partner system attribute using theconnection namespace field limitation within the predefined connectionmodel, the computer readable program code when executed on the computercauses the computer to: for each additional connection request:determine whether the limit on the number of multiplexed logicalconnections to the application server from the partner systems thatshare the partner system attribute has been reached based upon theconnection namespace field limitation that limits the number of createdunique connection names and based upon previously-created connectionnames; and create, in response to determining that the limit on thenumber of multiplexed logical connections has not been reached, anadditional multiplexed logical connection that comprises an additionalunique connection name derived from the received partner systemattribute and based upon the previously-created connection names.
 8. Thecomputer program product of claim 7, where in causing the computer tocreate, in response to determining that the received connection modelkey and the received partner system attribute match the respectiveconfigured connection model key and the configured authorized partnersystem attribute within the predefined connection model, the connectionthat comprises the first unique connection name derived from thereceived partner system attribute, the computer readable program codewhen executed on the computer causes the computer to: concatenate thereceived partner system attribute and a next available connection numberto form the first unique connection name.
 9. The computer programproduct of claim 7, where the computer readable program code whenexecuted on the computer further causes the computer to deny at leastone additional connection request in response to determining, based uponthe namespace field limitation that limits the number of created uniqueconnection names and the previously-created connection names, that thelimit on the number of multiplexed logical connections to theapplication server from partner systems that share the partner systemattribute has been reached.
 10. The computer program product of claim 7,where the computer readable program code when executed on the computerfurther causes the computer to: receive a request to terminate thecreated additional multiplexed logical connection from one of theadditional partner systems; terminate the additional multiplexed logicalconnection to the one of the additional partner systems requesting thetermination of the additional multiplexed logical connection; and reusethe additional unique connection name used by the terminated additionalmultiplexed logical connection for a new multiplexed logical connectionin response to a new connection request comprising the connection modelkey and the partner system attribute.
 11. The computer program productof claim 7, where: the predefined connection model authorizes aplurality of specific partner system instances to connect using thepredefined connection model via the partner system attribute; and thecomputer readable program code when executed on the computer furthercauses the computer to enforce connection authorization of multiplexedlogical connections to the application server using the configuredauthorized partner system attribute within the predefined connectionmodel.
 12. The computer program product of claim 7, where the partnersystem attribute comprises a partner system cluster application instanceidentifier.